From decf5da1c210e152c1b66ebb1344c7652ae0286c Mon Sep 17 00:00:00 2001 From: dnomd343 Date: Sat, 25 Sep 2021 11:36:44 +0800 Subject: [PATCH 1/9] refactor: new file structure --- Dockerfile | 2 +- load.sh | 80 ++++++++++++++++++++++++++---------------------------- 2 files changed, 39 insertions(+), 43 deletions(-) diff --git a/Dockerfile b/Dockerfile index dfc8d49..696ecc6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ COPY --from=asset /tmp/asset/ /etc/xray/asset/ COPY --from=asset /tmp/xray/xray /usr/bin/ ENV XRAY_LOCATION_ASSET=/etc/xray/asset RUN apk --update add --no-cache iptables ip6tables && \ - mkdir -p /etc/xray/conf && \ + mkdir -p /etc/xray/config && \ mkdir -p /etc/xray/expose/log && \ mkdir -p /etc/xray/expose/segment && \ mv /etc/xray/tproxy.sh / diff --git a/load.sh b/load.sh index a0d136e..1241da4 100755 --- a/load.sh +++ b/load.sh @@ -1,20 +1,35 @@ XRAY_DIR="/etc/xray" LOG_DIR="$XRAY_DIR/expose/log" +CONFIG_DIR="$XRAY_DIR/expose/config" + +load_log(){ +log_level=`cat $LOG_DIR/level` +legal=false +[ "$log_level" == "debug" ] && legal=true +[ "$log_level" == "info" ] && legal=true +[ "$log_level" == "warning" ] && legal=true +[ "$log_level" == "error" ] && legal=true +[ "$log_level" == "none" ] && legal=true +[ "$legal" == false ] && log_level="warning" +cat>$XRAY_DIR/config/log.json<$XRAY_DIR/conf/inbounds.json<$XRAY_DIR/config/inbounds.json<$XRAY_DIR/conf/inbounds.json<$XRAY_DIR/conf/log.json<$XRAY_DIR/expose/outbounds.json<$CONFIG_DIR/outbounds.json<$XRAY_DIR/expose/routing.json<$CONFIG_DIR/routing.json<$XRAY_DIR/expose/dns.json<$CONFIG_DIR/dns.json< Date: Sat, 25 Sep 2021 11:41:25 +0800 Subject: [PATCH 2/9] feat: ipv6 inbound for tproxy --- load.sh | 21 +++++++++++++++++++++ tproxy.sh | 6 +++--- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/load.sh b/load.sh index 1241da4..1ddab48 100755 --- a/load.sh +++ b/load.sh 
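Review bot: In load_log the level file is read with an unquoted `cat $LOG_DIR/level` and no existence check, so a fresh volume prints a cat error before the fallback to `warning` applies. Reading it as `log_level=$(cat "$LOG_DIR/level" 2>/dev/null)` keeps the fallback silent. The six `[ ... ] && legal=true` tests can be a single allow-list: `case "$log_level" in debug|info|warning|error|none) ;; *) log_level="warning" ;; esac`. A one-line comment should say that this allow-list is what makes the value safe to write into log.json; the heredoc body that consumes it is not readable on this page, so confirm that it interpolates `$log_level`.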
@@ -47,6 +47,27 @@ cat>$XRAY_DIR/config/inbounds.json< Date: Sat, 25 Sep 2021 13:16:34 +0800 Subject: [PATCH 3/9] feat: custom geo asset files --- load.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/load.sh b/load.sh index 1ddab48..bc5aba8 100755 --- a/load.sh +++ b/load.sh @@ -1,5 +1,6 @@ XRAY_DIR="/etc/xray" LOG_DIR="$XRAY_DIR/expose/log" +ASSET_DIR="$XRAY_DIR/expose/asset" CONFIG_DIR="$XRAY_DIR/expose/config" load_log(){ @@ -168,6 +169,23 @@ cat>$CONFIG_DIR/dns.json<$ASSET_DIR/update.sh<<"EOF" +GITHUB="github.com" +ASSET_REPO="Loyalsoldier/v2ray-rules-dat" +VERSION=$(curl --silent "https://api.github.com/repos/$ASSET_REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'); +mkdir -p ./temp/ +wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geoip.dat" +file_size=`du ./temp/geoip.dat | awk '{print $1}'` +[ $file_size != "0" ] && mv -f ./temp/geoip.dat ./ +wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geosite.dat" +file_size=`du ./temp/geosite.dat | awk '{print $1}'` +[ $file_size != "0" ] && mv -f ./temp/geosite.dat ./ +rm -rf ./temp/ +EOF +chmod +x $ASSET_DIR/update.sh +} + load_ipv4(){ cat>$XRAY_DIR/expose/segment/ipv4< Date: Sat, 25 Sep 2021 18:57:21 +0800 Subject: [PATCH 4/9] feat: automatic network configuration --- load.sh | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/load.sh b/load.sh index bc5aba8..f5e9449 100755 --- a/load.sh +++ b/load.sh @@ -2,6 +2,7 @@ XRAY_DIR="/etc/xray" LOG_DIR="$XRAY_DIR/expose/log" ASSET_DIR="$XRAY_DIR/expose/asset" CONFIG_DIR="$XRAY_DIR/expose/config" +NETWORK_DIR="$XRAY_DIR/expose/network" load_log(){ log_level=`cat $LOG_DIR/level` 
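Review bot: The generated update.sh replaces geoip.dat and geosite.dat after checking only that `du` reports a non-zero size, so a truncated download or an HTML error page is installed as a rule file. `VERSION` is also used without a check: a failed or rate-limited API call leaves it empty and the download URL malformed, and `[ $file_size != "0" ]` becomes a syntax error when wget produced no file. The fence below adds a tag check and a digest check before the move, assuming the release ships `<name>.sha256sum` files in `sha256sum -c` format (confirm against the release assets). A digest from the same release catches corruption but not a tampered release, so pinning a reviewed tag or digest would be stronger. It also changes into the script's own directory, because every path in the script is relative to the caller's working directory.

```shell
# … unchanged: GITHUB, ASSET_REPO …
VERSION=$(curl --silent --fail "https://api.github.com/repos/$ASSET_REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
[ -n "$VERSION" ] || { echo "cannot resolve latest release tag" >&2; exit 1; }
cd "$(dirname "$0")" || exit 1
mkdir -p ./temp/
for name in geoip.dat geosite.dat; do
  url="https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/$name"
  # Replace the live file only after a complete download with a matching digest.
  wget -P ./temp/ "$url" &&
    wget -P ./temp/ "$url.sha256sum" &&
    (cd ./temp/ && sha256sum -c "$name.sha256sum") &&
    mv -f "./temp/$name" ./
done
rm -rf ./temp/
```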
@@ -186,6 +187,65 @@ EOF chmod +x $ASSET_DIR/update.sh } +load_network_ipv4(){ +cat>"$NETWORK_DIR/ipv4"<"$NETWORK_DIR/ipv6"<$XRAY_DIR/expose/segment/ipv4< Date: Sat, 25 Sep 2021 19:12:33 +0800 Subject: [PATCH 5/9] feat: custom dns server --- load.sh | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/load.sh b/load.sh index f5e9449..f29b973 100755 --- a/load.sh +++ b/load.sh @@ -120,6 +120,18 @@ cat>$XRAY_DIR/config/inbounds.json<$CONFIG_DIR/dns.json<$CONFIG_DIR/outbounds.json<$CONFIG_DIR/routing.json<$CONFIG_DIR/dns.json<$ASSET_DIR/update.sh<<"EOF" GITHUB="github.com" @@ -244,6 +243,13 @@ if [ -n "$ipv6_forward" ]; then eval "sysctl -w net.ipv6.conf.all.forwarding=0" fi fi +if [ -s "$NETWORK_DIR/dns" ]; then + cat /dev/null > /etc/resolv.conf + while read -r row + do + echo "nameserver $row" >> /etc/resolv.conf + done < $NETWORK_DIR/dns +fi } load_ipv4(){ From 5ac4d5ae7c5ec35f6f8c27ffb8198abc752667de Mon Sep 17 00:00:00 2001 From: dnomd343 Date: Sat, 25 Sep 2021 19:45:02 +0800 Subject: [PATCH 6/9] fix: don't create log files in none level --- load.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/load.sh b/load.sh index f29b973..aba3108 100755 --- a/load.sh +++ b/load.sh @@ -13,6 +13,10 @@ legal=false [ "$log_level" == "error" ] && legal=true [ "$log_level" == "none" ] && legal=true [ "$legal" == false ] && log_level="warning" +if [ "$log_level" != "none" ]; then + [ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log + [ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log +fi cat>$XRAY_DIR/config/log.json< Date: Sat, 25 Sep 2021 20:15:21 +0800 Subject: [PATCH 7/9] feat: bypass the private network automatically --- load.sh | 39 ++++++++++++++++++++------------------- tproxy.sh | 12 ++++++++++++ 2 files changed, 32 insertions(+), 19 deletions(-) diff --git a/load.sh b/load.sh index aba3108..064e888 100755 --- a/load.sh +++ b/load.sh 
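Review bot: The new resolv.conf block in hunk `@@ -244,6 +243,13 @@` truncates /etc/resolv.conf first and then copies every line of `$NETWORK_DIR/dns` into it unchecked, so a blank line or a stray comment becomes a broken `nameserver` entry and a file with no usable address leaves the container without a resolver. Skip empty rows with `[ -n "$row" ] && echo "nameserver $row" >> /etc/resolv.conf` and quote the redirect as `done < "$NETWORK_DIR/dns"`. Building the list in a temporary file and moving it into place only when it has at least one entry would keep the existing resolver when the input is unusable. The enclosing function starts outside this hunk.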
@@ -191,7 +191,7 @@ chmod +x $ASSET_DIR/update.sh } load_network_ipv4(){ -cat>"$NETWORK_DIR/ipv4"<"$NETWORK_DIR/interface/ipv4"<"$NETWORK_DIR/ipv6"<"$NETWORK_DIR/interface/ipv6"< /etc/resolv.conf - while read -r row - do - echo "nameserver $row" >> /etc/resolv.conf - done < $NETWORK_DIR/dns -fi +} + +init_dns(){ +cat /dev/null > /etc/resolv.conf +while read -r row +do + echo "nameserver $row" >> /etc/resolv.conf +done < $NETWORK_DIR/dns } load_ipv4(){ cat>$XRAY_DIR/expose/segment/ipv4<$XRAY_DIR/expose/segment/ipv6< /ipv4_range +while read -r segment +do + eval "iptables -t mangle -A XRAY -d $segment -j RETURN" +done < /ipv4_range +rm -f /ipv4_range while read -r segment do eval "iptables -t mangle -A XRAY -d $segment -j RETURN" @@ -15,6 +21,12 @@ iptables -t mangle -A PREROUTING -j XRAY ip -6 rule add fwmark 1 table 106 ip -6 route add local ::/0 dev lo table 106 ip6tables -t mangle -N XRAY6 +ip -6 addr | grep -w "inet6" | awk '{print $2}' > /ipv6_range +while read -r segment +do + eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN" +done < /ipv6_range +rm -f /ipv6_range while read -r segment do eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN" From 0f8326fae1bd4738625c6e1ddfdb57fbcb7869be Mon Sep 17 00:00:00 2001 From: dnomd343 Date: Sat, 25 Sep 2021 20:57:06 +0800 Subject: [PATCH 8/9] refactor: custom bypass network segment --- load.sh | 39 +++++++++++++++++++-------------------- tproxy.sh | 4 ++-- 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/load.sh b/load.sh index 064e888..b1a9b69 100755 --- a/load.sh +++ b/load.sh 
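Review bot: The two loops added to tproxy.sh run `eval "iptables ... -d $segment ..."` on each line they read, which re-parses the value as shell code for no benefit; calling the tool directly with a quoted argument removes that. They also stage the addresses in fixed files at the filesystem root (`/ipv4_range`, `/ipv6_range`), which a pipe avoids: `ip -4 addr | awk '$1 == "inet" {print $2}' | while read -r segment; do iptables -t mangle -A XRAY -d "$segment" -j RETURN; done`. The same applies to the ip6tables loop in hunk `@@ -15,6 +21,12 @@`. The pre-existing loops shown as context right after each addition use the same `eval`, and their `done <` line is outside the hunk; if their input is an operator-editable file, that is where the quoting matters most.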
@@ -190,6 +190,21 @@ EOF chmod +x $ASSET_DIR/update.sh } +load_bypass_ipv4(){ +cat>"$NETWORK_DIR/bypass/ipv4"<"$NETWORK_DIR/bypass/ipv6"<"$NETWORK_DIR/interface/ipv4"<$XRAY_DIR/expose/segment/ipv4<$XRAY_DIR/expose/segment/ipv6< Date: Sat, 25 Sep 2021 22:29:16 +0800 Subject: [PATCH 9/9] update: some adjustments --- Dockerfile | 4 +--- asset.sh | 2 +- load.sh | 46 ++++++++++++---------------------------------- tproxy.sh | 4 ++-- 4 files changed, 16 insertions(+), 40 deletions(-) diff --git a/Dockerfile b/Dockerfile index 696ecc6..20be078 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine as asset COPY ./asset.sh / -RUN apk --update add --no-cache curl wget && \ +RUN apk --update add --no-cache curl wget jq && \ sh /asset.sh FROM alpine @@ -10,7 +10,5 @@ COPY --from=asset /tmp/xray/xray /usr/bin/ ENV XRAY_LOCATION_ASSET=/etc/xray/asset RUN apk --update add --no-cache iptables ip6tables && \ mkdir -p /etc/xray/config && \ - mkdir -p /etc/xray/expose/log && \ - mkdir -p /etc/xray/expose/segment && \ mv /etc/xray/tproxy.sh / CMD ["sh","/tproxy.sh"] diff --git a/asset.sh b/asset.sh index 8cc9e9c..1892855 100644 --- a/asset.sh +++ b/asset.sh @@ -1,5 +1,5 @@ get_github_latest_version() { - VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'); + VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | jq | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'); } get_architecture() { diff --git a/load.sh b/load.sh index b1a9b69..9da7b20 100755 --- a/load.sh +++ b/load.sh 
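Review bot: In asset.sh `jq` is added only as a pretty-printer in front of the existing grep/sed, so the tag is still extracted by text matching and the build stage gains a package for formatting alone. Read the field directly and let curl fail on an HTTP error: `VERSION=$(curl --silent --fail "https://api.github.com/repos/$1/releases/latest" | jq -r '.tag_name')`. A rate-limited or failed API call then yields an empty or `null` value, so follow it with `[ -n "$VERSION" ] && [ "$VERSION" != "null" ] || exit 1` before anything is downloaded. The code that uses `VERSION` is outside this hunk.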
@@ -14,8 +14,8 @@ legal=false [ "$log_level" == "none" ] && legal=true [ "$legal" == false ] && log_level="warning" if [ "$log_level" != "none" ]; then - [ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log - [ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log + [ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log + [ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log fi cat>$XRAY_DIR/config/log.json<$XRAY_DIR/config/inbounds.json<$CONFIG_DIR/outbounds.json<$CONFIG_DIR/routing.json< /etc/resolv.conf +while read -r row +do + echo "nameserver $row" >> /etc/resolv.conf +done < $NETWORK_DIR/dns +} + init_network(){ ifconfig eth0 down ip -4 addr flush dev eth0 @@ -264,19 +251,10 @@ if [ -n "$ipv6_forward" ]; then fi } -init_dns(){ -cat /dev/null > /etc/resolv.conf -while read -r row -do - echo "nameserver $row" >> /etc/resolv.conf -done < $NETWORK_DIR/dns -} - mkdir -p $LOG_DIR mkdir -p $ASSET_DIR mkdir -p $CONFIG_DIR mkdir -p $NETWORK_DIR -mkdir -p $XRAY_DIR/config load_log load_inbounds diff --git a/tproxy.sh b/tproxy.sh index fade183..687793a 100755 --- a/tproxy.sh +++ b/tproxy.sh @@ -1,8 +1,8 @@ [ -f "/etc/xray/expose/custom.sh" ] && sh /etc/xray/expose/custom.sh sh /etc/xray/load.sh -ip rule add fwmark 1 table 100 -ip route add local 0.0.0.0/0 dev lo table 100 +ip -4 rule add fwmark 1 table 100 +ip -4 route add local 0.0.0.0/0 dev lo table 100 iptables -t mangle -N XRAY ip -4 addr | grep -w "inet" | awk '{print $2}' > /ipv4_range while read -r segment